Automated decision making and profiling

Understanding GDPR

Shalini Kurapati, CIPP/E

Co-founder and CEO, Clearbox AI

AI: Lawfulness, fairness, and transparency

  • Legal basis
  • Fairness and discrimination - to infer data about people
  • Transparency
  • Special provisions- article 22
Understanding GDPR

Article 22

Illustration of an automated process

  • Fairness and anti-discrimination obligations
  • Article 22 - automated individual decision-making, including profiling
  • Right to human intervention and explanation
1 Image source: flaticon.com
Understanding GDPR

Profiling

Illustration of a person's profile.

  • Analyze and predict behavior, large-scale processing, using AI/machine learning
  • Identify and link behavior and attributes
  • Create profiles, and predict behavior based on profiles
  • Examples:
    • Treatment success
    • Risk of re-offending
1 Information Commissioner's Office
Understanding GDPR

Ethical concerns related to profiling

Screengrabs from news websites showing AI algorithm bias based on gender, race and performance scoring.

  • Propagate or reinforce bias
  • Design, data, their inherent complexity/ black box
  • Gender, racial discrimination
1 Image source: bbc.com, propublica.com, and techcrunch.com
Understanding GDPR

The famous profiling example

Screenshot of a newspaper graphic illustrating the cambridge analytica scandal

  • 320,000 users took an online personality test for 'academic research'
  • Collected personal data of friends of the user, up to 50m user data without consent
  • Personality/political profiling, targeted ads to those likely to change mind
  • Used in many elections in the US, UK, and worldwide
1 Image source: The Guardian
Understanding GDPR

Automated decision making

Illsutration of an automated decision where the computer decides on the outcome.

  • Decisions by automated means without human involvement
  • May or may not involve profiling
  • Any type of data - survey, location, profiling
  • Example: Automated CV screening
1 ARTICLE 29 WORKING PARTY Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679
Understanding GDPR

Banking example

Illustration of a bank manager not being able to explain why a loan was approved or rejected to some individuals.

  • Automated mortgage decision
  • Usually, AI gives yes or no answers, need for explanation and human intervention
  • Mechanisms for preventing bias and correcting and improving AI decisions
Understanding GDPR

Let's practice!

Understanding GDPR

Preparing Video For Download...